Common Information
Type | Value
Value
rule Windows_Trojan_Netwire_3 {
	meta:
		author = "Elastic Security"
		os = "Windows"
		arch = "x86"
		category_type = "Trojan"
		family = "Netwire"
		threat_name = "Windows.Trojan.Netwire"
	strings:
		$a = { C9 0F 44 C8 D0 EB 8A 44 24 12 0F B7 C9 75 D1 32 C0 B3 01 8B CE 88 44 }
	condition:
		all of them
}
Category
Type | Yara Rule
Misp Type
Description
Details | Published | Attributes | CTI Title
Details Website | 2023-01-30 | 70 | NETWIRE Dynamic Configuration Extraction — Elastic Security Labs